<img alt="Liferay" height="36" src="http://cdn.www.liferay.com/osb-www-theme/images/custom/heading.png" width="146" />

Punteggio: Junior Member

Messaggi: 58

Data di Iscrizione: 26 agosto 2011

LDAP Authentication has been enabled.
Test LDAP Connection returns successful.
Test LDAP Users returns with a list of users.
Test LDAP Groups is successful as well.

I sign out of Test@Liferay.com and try logging in as on of the users returned from "Test LDAP Users."
Authentication fails.

Liferay throws authentication fails very quickly as if it did not even check against Active Directory.

Any suggestions? Thanks!

RE: LDAP Authentication not working

21 settembre 2011 7.08

Risposta

Punteggio: Liferay Legend

Messaggi: 4496

Data di Iscrizione: 1 settembre 2006

I would try restarting the app container, then reindex all search indices. When you go to the Users control panel page, you should see all of the imported users...

Contrassegno come una risposta

RE: LDAP Authentication not working

21 settembre 2011 12.25

Risposta

Punteggio: Junior Member

Messaggi: 58

Data di Iscrizione: 26 agosto 2011

David H Nebinger:

I would try restarting the app container, then reindex all search indices. When you go to the Users control panel page, you should see all of the imported users...

Thanks, but I don't want to import the users. I just want to authenticate them against Active Directory when they enter their email address / password on the login page.

Contrassegno come una risposta

RE: LDAP Authentication not working

21 settembre 2011 14.00

Risposta

Ronak Patel

Punteggio: New Member

Messaggi: 19

Data di Iscrizione: 20 gennaio 2010

Did you check your authentication filter syntex?

Is it correct?

-
Ronak

Contrassegno come una risposta

RE: LDAP Authentication not working

22 settembre 2011 5.38

Risposta

Punteggio: Liferay Legend

Messaggi: 4496

Data di Iscrizione: 1 settembre 2006

Bruno Galvao:

Thanks, but I don't want to import the users. I just want to authenticate them against Active Directory when they enter their email address / password on the login page.

Okay, maybe no one has made this clear. All Liferay users must be in the Liferay database. When the user record is created, it gets the unique primary key value that is then used as a foreign key on other tables.

When you do AD/LDAP integration, you must import the users into the Liferay database. After the users are imported, when signing in AD/LDAP will be used to ensure the credentials are valid, but they must still be defined in the Liferay database...

Contrassegno come una risposta

RE: LDAP Authentication not working

23 settembre 2011 14.55

Risposta

Ken Dong

LIFERAY STAFF

Punteggio: New Member

Messaggi: 6

Data di Iscrizione: 31 agosto 2010

David H Nebinger:

Bruno Galvao:

Thanks, but I don't want to import the users. I just want to authenticate them against Active Directory when they enter their email address / password on the login page.

I'm pretty sure you can import on demand. You don't need to import the whole ldap database on startup. If you import on demand, when a user goes to sign into Liferay, Liferay will check it's database first, and if that user does not exist, it will go through and pull it from the Ldap database.

You can set this through the control panel as well as in your portal-ext.properties. Of course you can only set it in one or the other as the control panel overwrites the portal-ext.properties.

Contrassegno come una risposta

RE: LDAP Authentication not working

23 settembre 2011 15.47

Risposta

Ken Dong

LIFERAY STAFF

Punteggio: New Member

Messaggi: 6

Data di Iscrizione: 31 agosto 2010

Bruno Galvao:

Are you logging in via email or by screen name? Try setting it up to login by screen name.

Contrassegno come una risposta

RE: LDAP Authentication not working

28 settembre 2011 7.18

Risposta

Punteggio: New Member

Messaggi: 13

Data di Iscrizione: 6 gennaio 2011

Make sure you have LDAP Import on startup toggled on. (Control Panel settings Authentication LDAP)
Check the Users_ table in you DB schema for the presence of imported LDAP content.
This allows you to determine what's been imported without logging into liferay.
Alternatively, you can check the Users portlet in the Control Panel (logged in as an admin).

Liferay does not actually check against Active directory, it imports the data to a Liferay DB table (actually, several of them)
User_, Group_ being the most important.

Contrassegno come una risposta

RE: LDAP Authentication not working

28 settembre 2011 12.06

Risposta

Punteggio: New Member

Messaggi: 13

Data di Iscrizione: 6 gennaio 2011

Hmmm, I'm not sure about this.
The import seems to be an all or nothing thing.
I have not been able to get import on demand to work.

Also, if I first import the full LDAP active directory, then disable LDAP import, I am unable to login using existing (in LP D emoticon

account info.
This last issue sounds like a bug in LP 6.0 EE SP2.

Here's a specific example:
I setup LDAP to import (set import interval to 8 hours in portal-ext.properties via ldap.import.interval=480)
I confirm that all active directory data has been properly imported by checking User_ and Group_ tables in liferay DB or by checking Users in control panel.
I login as davidkeith@lathamint.com (signon set to use email address) and my LDAP password.
I disable LDAP import and log out.
I try to login as Davidkeith@lathamint.com using my LDAP password.
Authentication fails and I am unable to login
I re-enable LDAP import and I am once again able to login using davidkeith@lathamint.com and LDAP password.

If the account info is already imported in liferay's User_ table, why should I still need LDAP import enabled?
Has the behavior change in the SP2 update.

Can someone confirm this behavior for me please?
I will log an issue in JIRA if this is indeed a bug.

Thanks in advance for any help anyone can provide.

Contrassegno come una risposta

RE: LDAP Authentication not working

28 settembre 2011 13.19

Risposta

Punteggio: Liferay Legend

Messaggi: 4496

Data di Iscrizione: 1 settembre 2006

If the account info is already imported in liferay's User_ table, why should I still need LDAP import enabled?

It will rebind to ldap using the credentials to ensure the account is still valid...

I don't think this is a bug; we want to do ldap authentication and part of that authentication includes ensuring the credentials are correct.

Otherwise LR imports you today but you are disabled in LDAP tonight; when you hit the box tomorrow w/o the LDAP bind, it would let you log in even though you should not be able to...

Contrassegno come una risposta

RE: LDAP Authentication not working

28 settembre 2011 14.08

Risposta

Punteggio: New Member

Messaggi: 13

Data di Iscrizione: 6 gennaio 2011

Thanks David,

I'm thinking that if I wanted to use the imported LDAP data without validating against LDAP, I'd have to disable the import and uncheck the enabled and required options as well.
In my original case I did not uncheck these options, only disabled the import.

I will try this tomorrow in my development environment before any of my developers begin using the site.

In general I do not plan on ever disabling the LDAP import, except for maybe in temporary cases like an LDAP server upgrade or maintenance window.
For this particular case, it was temporarily disabled in a non production Liferay instance for some development reasons and I just happened to notice that I could no longer login as anyone but omniuser.

-David

Contrassegno come una risposta

RE: LDAP Authentication not working

28 settembre 2011 16.30

Risposta

Punteggio: Liferay Legend

Messaggi: 4496

Data di Iscrizione: 1 settembre 2006

David Keith:

For this particular case, it was temporarily disabled in a non production Liferay instance for some development reasons and I just happened to notice that I could no longer login as anyone but omniuser.

Omniusers do not have to pass LDAP auth, even when enabled. Keep that in mind for the future...

Contrassegno come una risposta

RE: LDAP Authentication not working

5 ottobre 2011 10.32

Risposta

Punteggio: Junior Member

Messaggi: 58

Data di Iscrizione: 26 agosto 2011

LDAP is not working for me.
Below is my portal-ext.properties, please let me know if you see something I should add/remove/modify:

1
2ldap.import.enabled=true
3ldap.import.on.startup=true
4ldap.import.method=user
5ldap.base.provider.url=ldap://yyy.aaa.zzz:389
6ldap.security.principal=yyy\bruno galvao
7ldap.security.credentials=myPass
8ldap.users.dn=OU=ITS,OU=XXX,OU=YYY Users,DC=yyy,DC=aaa,DC=zzz
9ldap.user.mappings=screenName=employeeID\npassword=userPassword\nemailAddress=mail\nfullName=cn\nfirstName=givenName\nlastName=sn\njobTitle=title\ngroup=memberOf
10ldap.auth.search.filter=(mail=@email_address@)
11ldap.import.user.search.filter=(objectClass=User)

Contrassegno come una risposta

RE: LDAP Authentication not working

12 ottobre 2011 11.08

Risposta

Punteggio: New Member

Messaggi: 13

Data di Iscrizione: 6 gennaio 2011

Hi Bruno,

Can you verify if the import has been performed successfully?

Login to your LP database and use your Liferay schema.
do a select * or a select count(*) from the User_ table.

If you don't see all of your LDAP users there, this is your problem.

Remember, LDAP users MUST be in the local Liferay database as well as being present in your LDAP repository.

Hope this helps,

-David

Contrassegno come una risposta

RE: LDAP Authentication not working

24 marzo 2012 4.42

Risposta

Bhupesh Nagda

Punteggio: New Member

Messaggi: 4

Data di Iscrizione: 16 marzo 2012

Hi,
I have a unique issue while authenticating the AD users in Liferay, they would be able to login for any password(text or number or special character) including their original password.
I am using Liferay 6.0.6 CE with MySQL database...Also the users are being imported in the User_ table which I cross checked.
I have added the patch provided by jonus => 'lps9000-ldap-ce6010-portal-impl-jdk5.jar' and it worked well with HSQL database, users were authenticating with their original password only.
I dont know where exactly is the issue,is it with MySQL?? emoticon

can anyone please help??

==> portal-ext.properties

# MySQL
#jdbc.default.jndi.name=jdbc/LiferayPool
jdbc.default.driverClassName=com.mysql.jdbc.Driver
jdbc.default.url=jdbc:mysql://localhost:3306/lportal?useUnicode=true&characterEncoding=UTF-8&useFastDateParsing=false
jdbc.default.username=root
jdbc.default.password=YES
schema.run.enabled=true
schema.run.minimal=true
plugin.repositories.trusted=http://plugins.liferay.com/official
users.reminder.queries.enabled=false
users.reminder.queries.custom.question.enabled=false
ldap.import.user.password.enabled=true

Contrassegno come una risposta

RE: LDAP Authentication not working

4 aprile 2012 3.38

Risposta

Bhupesh Nagda

Punteggio: New Member

Messaggi: 4

Data di Iscrizione: 16 marzo 2012

Can anyone here please help me??

Contrassegno come una risposta

RE: LDAP Authentication not working

3 ottobre 2012 5.17

Risposta

Oliver Dudas

Punteggio: New Member

Messaggi: 1

Data di Iscrizione: 29 marzo 2012

Hi, same problem here.

Liferay 6.0.5 CE
Oracle DB
Same patch

I'm able to login for any password emoticon

Contrassegno come una risposta

RE: LDAP Authentication not working

3 ottobre 2012 9.00

Risposta

Jonas Yuan

Punteggio: Liferay Master

Messaggi: 993

Data di Iscrizione: 26 aprile 2007

@Bhupesh @Oliver,

Let me verify the same patch in MySQL and Oracle DB.

Thanks to report the issue.

Jonas Yuan

Contrassegno come una risposta

RE: LDAP Authentication not working

16 novembre 2012 7.33

Risposta

Punteggio: Junior Member

Messaggi: 58

Data di Iscrizione: 26 agosto 2011

Dhiraj Minocha:

Hi Bruno,

I am also experiencing the same problem with my Ldap configuration.
In control panel the two checkboxes "import enabled" and "import on startup enabled" are ticked.
I have even checked the data base table User_ and I dont find my ldap users imported there.

Please help me with this.

Thanks
Dhiraj

Hi Dhiraj,

I ended up having to write an SQL Job to pull in the users into a temporary Liferay table and from there I wrote a .NET program to call the API and add/remove/update users.

I published part of the .NET program on my blog: http://brunopgalvao.wordpress.com/

Best
Bruno